Adding ram or vcpu to S300v ?

keithsauer507 · ‎11-15-2017

We recently deployed an S300v and retired our old tiered S170 which just does not seem to move around the web gui anymore. I might try clonezilla on the two 250gb drives in the S170 to Samsung Pro 256GB drives as an experiment, but thats another story.

Anyway now that were on the S300V we ran into an issue this afternoon where all web traffic transparently redirected via WCCP from our ASA's stopped working. Page cannot be displayed, or connection timed out - applications would say if the user was in a subnet that was in http or https redirection. If a user was not in a subnet with https redirection yet (we are slowly phasing that in), https worked great, while http did not.

Needless to say I notice our S300V RAM usage is quite high. I don't have 2.4TB of space available to deploy the S600V, but I have RAM and vCPU resources I could allocate. Would the S300V utilize additional ram or CPU if I added it to the VM? Currently I had to shut it down so the Internet works. I upped the RAM from 8GB to 12GB and I'm currently storage vMotioning it from an old EMC NX4 storage array (with average io latencies of 109 ms) to an EMC VNX5200 (with average io latencies of 9 ms).

Its at 63% migrated now, but once its fully vMotioned, I will power it back on and cross my fingers that it doesn't break the internet.

We added 2 subnets today to HTTPS filtering in the ASA5525 firewalls so maybe its just too much stuff going through https inspection?

Were looking to add storage next year and hopefully if approved, move to an all flash array from Tegile or Pure. That will really improve performance across the board for all virtual machines.

keithsauer507 · ‎11-16-2017

The VM finally migrated to faster storage so I powered it on this morning. I did change the RAM from 8GB to 12GB and when the system was fully up I did get an alert email about it:

The Warning message is:

This vm image is misconfigured. The expected configuration of this virtual model is 8192 MB of RAM. It is currently configured with 12288 MB of RAM. This configuration is an untested state.

Product: Cisco S300V Web Security Virtual Appliance

Model: S300V

Version: 10.5.1-296

Hopefully this is just a one time informational alert at boot up. I feel the extra RAM may help since all of a sudden out of the blue it stopped passing wccp redirected http and https traffic yesterday afternoon until we shut it down. Only a few subnets without https redirection were working for some time yesterday until we powered off the virtual appliance.

So again hopefully it actually utilizes this RAM and it does not cause an internet outage. Its my understanding with the WCCP protocol, there should be no outage. IF the firewall was having a hard time talking to WSA it should have just forwarded the traffic out, just like it did when we powered off the wsa.

keithsauer507 · ‎11-16-2017

I'm just replying in case anyone is reading. This is from Cisco TAC

-This is a cosmetic message because you added more RAM to the S300V. The OVAs are specifically configured with their memory hardcoded in the backend system. Due to this, the vWSA will not use any further RAM past the hardcoded value wasting those resources on the ESXi side. As the message states, this puts the box into an untested state and could cause the potential for issues to occur. RAM utilization of 80% is about right as the proxy caches content in RAM. Until this starts to get into a consistent 95% range, you wouldn’t need to be concerned about the RAM usage.

I think the memory does make somewhat of a difference, because the dashboard shows I'm only using 49% RAM vs the 80% range. But in a maintenance window I might power it off and bring it back down to 8GB.

HarryM · ‎02-12-2018

Hi. Have you decided the question?